The two vulnerabilities exploit the possibility of a side-channel attack of the processor.

A side-channel attack is any attack based on information acquired from the physical implementation of an information system. Timing information, energy consumption, electromagnetic losses or even sound can be exploited to break the system. By using statistical analysis of these physical operations, it is possible to obtain data from protected memory (for example passwords and cryptographic keys). It is not a simple attack to perform, and cannot be enabled remotely because the malicious code must be executed locally on the machine. It is still unclear whether it is really possible to corrupt or modify data.

Some clarifications

You can find a lot of information about this matter on the Internet, but we still want to report some important comments obtained directly from our discussions with Intel:

The attacker can observe the protected memory content, bypassing the level of privilege of the application.

It exploits a flaw of speculative execution, common in all modern processors.

It is not unique to a processor or on the implementation of a specific processor.

It is not the result of a product that does not comply with the specifications.

There are various techniques to mitigate the vulnerability, starting initially from the software and the operating system, then from the bios/firmware to finally arrive at a hardware redesign.

The impact on thin client devices

The vulnerability in thin client devices has less impact than other systems, because, in thin devices, the information that is processed is the output of virtual machines, and therefore more difficult to interpret by an attacker.

Praim's commitment to safety

At Praim we are always committed to keeping our products up-to-date, with special attention to security. To repair the issue necessitates working in depth on the hardware system, which then requires a thorough testing phase to exclude the occurrence of collateral problems.

ThinOX

In our ThinOX 10 models, we are working to provide an updated version of the operating system to fix the vulnerability as soon as possible. The Linux kernel community has already released some patches, which are being tested in our labs. In addition, Intel has provided a new version of the microcode for its CPUs, which is currently under test.

Windows 10 IoT and Windows 7 Embedded

Microsoft is releasing patches for its operating systems, which will be integrated into future versions of Windows 10 IoT and Windows 7 Embedded.

Models affected by vulnerabilities

Devices with Intel processors according to the table.

For devices with VIA processors, no information has yet been issued by the manufacturer regarding the problem.

The series affected by the vulnerability are as follows:

Family

Models

Processor

Status

Affected by vulnerability

A fix version is expected

All-In-One

XT9050-TC180

Intel Atom N270

EOR

YES

NO

Atomino

XT9050-A

Intel Atom N270

EOL

YES

NO

Atomino Dual Core

A9050; A9700

INTEL ATOM D2550

EOM

NO

NO

Atomino Quad Core Series

A9054; A9074; A9014; A90-HOR; A90-RFX; A90-HDX

Intel Celeron J1900

In production

YES

YES

Compact

XT9200-C; XT9000-C; XP9400-C

VIA Eden ULV 1GHz/VIA VX800

EOR

Waiting for information

Waiting for information

Compact Dual Core

C9010; C9050; C9200; C9400; C9700; C9080

VIA Eden X2 1GHz Dual Core/VIA VX900

EOP

Waiting for information

Waiting for information

Duetto Quad Core Series

D9054; D9074; D9014; D90-HOR; D90-RFX; D90-HDX

Intel Celeron J1900

In production

YES

YES

Ino 900

XT900-I; XT920-I; XP940-I

VIA Eden ULV 500MHz/CN700

EOR

Waiting for information

Waiting for information

Ino 9000

XT9000-I; XT9200I; WE9700-I; XP9400-I

VIA Eden ULV 1GHz/VX855

EOS

Waiting for information

Waiting for information

Ino SoC Series

I9010; I9020; I9030; I9050

Texas Instruments DM8148

EOP

YES

YES

Neutrino Series

N9052; N9072; N9012; N90-HOR; N90-RFX; N90-HDX

Intel Celeron N2807

In production

YES

YES

P Series

P9002; P9004; P9200e

Teradici 2321

In production

NO

-

Ultra

XT9000-U; XT9200-U; XP9400-U

VIA Eden ULV 1.6GHz/VIA VX800

EOL

Waiting for information

Waiting for information

Ultra Dual Core

U9050; U9200; U9700

INTEL ATOM D2550

EOL

NO

NO

Ultra Quad Core Series

U9054; U9074; U9014; U90-HOR; U90-RFX; U90-HDX

Intel Celeron J1900

In production

YES

YES

Updates and patches released by Intel, Via Technologies, Linux, and Microsoft will be made available as soon as tested and recognized as stable and not problematic.